PHP/ASP/JSP Source Backup File Grab for 2026-03-07
Mar 07, 2026
WebExploit
Last Updated: 12:12 UTC
Probing for backup copies of web application source files (.php.bak, .php.old, .php.txt, .php.orig, .php.swp). These files are frequently created by editors or deployment scripts and left accessible, exposing database credentials and application logic.
MITRE ATT&CK
Tactic: Credential Access (TA0006)
Technique: T1552.001 — Credentials in Files
Observed URIs
/wp-config.php.bak/settings.php.old
Attackers by Country
IP Address : ASN : City/Provider
-
16.147.96.70 : ASNone : United States of America
-
45.94.31.158 : AS211826 istqrar for servers services ltd : Dulles